Article View: alt.privacy
Article #3459
Re: NSA CAN BREAK PGP ENCRYPTION, what is PGP ??
From: ratinox@ccs.neu.
Date: Fri, 03 Dec 1993 19:37
124 lines
6425 bytes
>>>>> In article <3DEC199309331349@elroy.uh.edu>, st1r8@elroy.uh.edu
>>>>> (B.J. Guillot) writes:

st1r8> In article <RATINOX.93Dec2171655@atlas.ccs.neu.edu>, ratinox@atlas.ccs.neu.edu (Richard Pieri) writes...
>> The NSA cannot crack PGP. Correction: the NSA /could/ crack PGP given
>> several Crays dedicated to the task for 10 years (give or take a couple).
>> But they can't crack it in a "reasonable" timeframe.

st1r8> How about someone explaining why PGP is such a great and unbreakable
st1r8> code?

No cypher is unbreakable. It's just that PGP is so extremely difficult and time consuming to try to break that it isn't worth it.

Anyhow, my own couple of bits on PGP:

PGP
===

PGP is a "public key" encryption system. Encryption is the science of encoding information in such a way that it's impossible (or at least as difficult as possible) to see the information unless you have the appropriate key.

Most encryption systems in use today are "single key" systems; that is, a single key is used to both encrypt and decrypt information. The flaw in single-key systems is that a secure means of distributing keys is required: if anyone discovers the key, anything encrypted with that key can be easily seen. Of course, if you have a truly secure means of distributing the key, then why do you need a cryptosystem? This is something the gummint tends to ignore. BTW, the Federal DES and the European IDEA cyphers are examples of single-key cryptosystems.

Public key cryptosystems use a different method of cryptography--they use two keys instead of just one. "Cleartext" (the unencrypted information) is encrypted with one of the keys. But this key will not decrypt the "cyphertext" (the encrypted information); but the other key in the key pair will. Anything encrypted with one key can be decrypted with the other. One of the keys in a public key pair is called the "public key" and the other is called the "secret key."
By distributing your public key, anyone can use it to encrypt messages meant for you, messages that can only be decrypted with your secret key. Unlike single-key systems, public key does not require a secure means for exchange of keys, making it that much more secure.

PGP, Pretty Good Privacy, uses a combination of the Rivest-Shamir-Adleman (RSA) public key algorithm and the International Data Encryption Algorithm (IDEA), both of which have, to date, resisted all forms of cryptanalytical attacks. It should be noted that use of the Federal Data Encryption Standard (DES) is encouraged by the NSA for corporate use, but not for classified information--makes you wonder, doesn't it?

Why would you want encryption? According to the gummint, you must have something illegal to hide if you do. Well, everyone and their brother uses envelopes to send mail through the Postal Service, right? Why? Privacy. Everyone wants their privacy, and that's what PGP provides. There is nothing illegal about it. But the gummint wants it that way.

That's true. Last year, the FBI attempted to pass a bill through Congress that would require trap doors be placed in communication systems (the phone company primarily) so that government agencies with warrants could easily tap in. Fortunately, it failed because manufacturers didn't want to pay the costs to add the equipment, and Libertarians balked at the privacy issues.

The new "Clipper Chip" the gummint is now pressing uses a two-key cryptosystem similar to PGP. So will the Internet Privacy Enhanced Mail (PEM) package. The problem with these systems is that the gummint or a government assigned agency will hold all keys in escrow, so that they can decrypt messages whenever they want. This is something that Libertarians like myself are against. Which is why we use PGP.
If you're still interested in PGP, it is available from many FTP sites around the world:

Finland: nic.funet.fi (128.214.6.100)
         Directory: /pub/unix/security/crypt/
Italy:   ghost.dsi.unimi.it (149.132.2.1)
         Directory: /pub/security/
UK:      src.doc.ic.ac.uk
         Directory: /computing/security/software/PGP

It runs on Unix, VAX/VMS, MS-DOS, Atari ST, Amiga, Macintosh, and can be ported to run on just about anything. The current version is 2.3A, and is available as source, and binaries for MS-DOS are available. The documentation goes into more depth about cryptography, and specifically how PGP functions.

As Arlo Guthrie put it:

    You know, if one person, just one person does it they may think he's really sick and won't take him. And if two people, two people do it, in harmony, they may think they're both faggots and they won't take either of them. And three people, three, can you imagine, three people walking in sing a bar of Alice's Restaurant and walking out. They may think it's an organization. And can you imagine fifty people a day, I said fifty people a day walking in sing a bar of Alice's Restaurant and walking out. And friends they may think it's a movement.

rat-pgp.el
==========

rat-pgp.el is a GNU Emacs interface to the PGP public key system. It lets you easily encrypt and decrypt messages, sign messages with your secret key (to prove that it really came from you). It does signature verification, and it provides a number of other functions. The package is growing steadily as more is added. It is my intention that it will eventually allow as much functionality as accessing PGP directly.

rat-pgp.el is about to undergo a complete re-write that will dramatically increase its functionality. Watch my .sig for further information.

The most recent version of rat-pgp.el is always available via anonymous FTP at ftp.ccs.neu.edu, directory /pub/ratinox/emacs-lisp/rat-pgp.el.
--
Rat <ratinox@ccs.neu.edu>          Northeastern's Stainless Steel Rat
PGP 2.x Public Key Block available upon request
GAT d@ -p+ c++ !l u+ e+(*) m-(+) s n---(+) h-- f !g(+) w+ t- r+ y+
||| | | | | | | | | | | | | | | | | | | | | | | |||
`PGP,' warns Dorothy Denning, a Georgetown University professor who has worked closely with the National Security Agency, `could potentially become a widespread problem.'
--E. Dexheimer
Message-ID: <RATINOX.93Dec3143718@orodruin.ccs.neu.edu>
Path: rocksolid-us.pugleaf.net!archive.newsdeef.eu!mbox2nntp-talk.rumors.mbox.zip!gmd.de!newsserver.jvnc.net!howland.reston.ans.net!europa.eng.gtefsd.com!uhog.mit.edu!grapevine.lcs.mit.edu!lynx!usenet
References: <064303Z02121993@anon.penet.fi> <RATINOX.93Dec2171655@atlas.ccs.neu.edu> <3DEC199309331349@elroy.uh.edu>
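
The two-key idea and the public-key plus single-key combination described in the post above, as an added example that is not part of the original post and is not PGP's code. It assumes the usual hybrid arrangement, in which the public key protects a random session key and a single-key cipher protects the message body; the toy primes, the SHA-256 keystream standing in for IDEA, and all function names are constructed for illustration.

```python
import hashlib
import secrets

# Constructed toy key pair from two Mersenne primes; insecure, illustration only.
P, Q = 2**61 - 1, 2**89 - 1
N = P * Q
E = 65537                              # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))      # secret exponent

def rsa_apply(m, exp):
    """Textbook RSA without padding: one operation serves both keys."""
    return pow(m, exp, N)

def keystream_xor(key, data):
    """Stand-in single-key cipher (not IDEA): XOR with a SHA-256 counter keystream."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + i.to_bytes(8, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[i:i + 32], block))
    return bytes(out)

def encrypt_for(message):
    """Encrypt the body under a fresh session key; wrap that key with the public key."""
    session_key = secrets.token_bytes(16)
    wrapped = rsa_apply(int.from_bytes(session_key, "big"), E)
    return wrapped, keystream_xor(session_key, message)

def decrypt_with_secret(wrapped, body):
    """Only the secret exponent recovers the session key, and with it the body."""
    session_key = rsa_apply(wrapped, D).to_bytes(16, "big")
    return keystream_xor(session_key, body)

def _digest(message):
    # Truncated to 128 bits so the value fits below the toy modulus.
    return int.from_bytes(hashlib.sha256(message).digest()[:16], "big")

def sign(message):
    """Signing applies the secret key to a digest of the message."""
    return rsa_apply(_digest(message), D)

def verify(message, signature):
    """Anyone holding the public key can check the signature."""
    return rsa_apply(signature, E) == _digest(message)

if __name__ == "__main__":
    msg = b"constructed sample message"
    wrapped, body = encrypt_for(msg)
    print(decrypt_with_secret(wrapped, body), verify(msg, sign(msg)))
```

Real implementations add padding to the RSA step and use large random primes; the toy omits both to keep the key relationship visible.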